[MEDIUM] Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing

PKSA-nx96-fm8s-mdqg CVE-2026-23495 GHSA-hqrp-m84v-2m2f

Affected version: <=1.7.15|>=2.0.0-RC1,<=2.2.2

Reported by:
GitHub

[LOW] Pimcore's Admin Classic Bundle allows HTML Injection

PKSA-p8mb-27jx-rxgt CVE-2025-30166 GHSA-x82r-6j37-vrgg

Affected version: <1.7.6

Reported by:
GitHub